Look no further than the latest cybersecurity headlines to see that hackers remain at the top of their game. But are we putting up a fair fight? This week in the Hacker Tracker, we take a break from focusing on the latest happenings with hackers and instead focus on what’s being done (or needs to be done) to halt them.
Securing IT infrastructure has reached a critical tipping point.
According to new research, despite the fact that cybersecurity has captured the attention of the C-suite, many IT professionals still rate their companies very low when it comes to security practices and procedures.
The report from editors at CIO, CSO and Computerworld found that aligning IT security concerns with business needs remains a top challenge for many firms.
While all companies hope to avoid the damages and financial costs of high-profile breaches, IT leaders are still facing a very complex cybercrime world and a tough time ensuring that their security goals don’t interfere with business operations.
A survey of 287 U.S. respondents revealed that two-thirds feel as though upper management at their organizations is focusing more attention on information security than in years past. But there is still a balancing act between putting IT security into practice and ensuring there are no impacts to business needs, such as justifying costs, defining risks and clarifying roles and responsibilities.
The security report card, where respondents were asked to grade their organization’s security practices as an A, B, C, D or F, showed that, while half would assign an A or B, an equal portion selected C, D or F.
“The frequency and severity of attacks are always going to increase, but we’ve identified the type of attacks that do the most damage, and we focus our efforts on those,” Jonathan Block, VP of IT for sales and marketing advisory firm SiriusDecisions, explained.
Outside of emphasizing awareness, the report suggested that aligning business and information security goals requires actions such as the creation of an open communication channel, budgeting wisely and making the risk and losses of a potential data breach tangible and real.
Central Banks Take A Stand
To say this year’s Bangladesh Bank heist, in which $81 million was stolen by hackers who aimed to take as much as $951 million, was a wake-up call would be an understatement.
The event is considered to be one of the largest cyberthefts worldwide and has left a lasting impact on the financial industry.
In response to the massive cybercrime incident and in an attempt to prevent it from happening again, the world’s major central banks launched a task force focused on cybersecurity in cross-border banking and protecting interbank payments.
In a statement, Benoit Coeure, chairman of the Committee on Payments and Market Infrastructures, part of the Bank for International Settlements, said that recent incidents of cyberfraud have become a concern for the entire central banking community.
“We are working to make sure there are adequate checks and balances in place at each stage of the payments process,” said Coeure, adding that the committee will decide on procedures and the review of current practices.
When Awareness Isn’t Enough
The U.K. Cyber Risk Survey Report for 2016 revealed that, while awareness of cyber risk among U.K.-based risk and financial professionals is up, the true understanding of these risks and possible costs tied to cyberattacks still has a long way to go.
U.K. firms have no doubt gained some insight and exposure as the number of cyberattacks has continued to rise. Insurance broker and risk management firm Marsh noted that approximately 83 percent of respondents have shown a basic or “complete understanding” of their own organization’s exposure to attacks, up from nearly 61 percent in 2015.
But only a quarter of those respondents think they (or their firms) have a “complete” understanding of their exposure and risk. Marsh said that this finding suggests that there is “still a lot of work to do to improve understanding and management.”
Actually, 35 percent of those surveyed said they do not have an idea, from a quantitative standpoint, as to just how much a successful attack might cost their firm. Despite the fact that 40 percent of firms said they had experienced a cyberattack in the past 12 months, stats from the U.K. government paint a more worrying picture, with 65 percent of large organizations and 51 percent of mid-sized firms seeing breaches.
That speaks to at least some level of disconnect between perception and reality.